What if you could one day unlock your door or access your bank account by simply "thinking" your password? Too far out? Perhaps not.

Researchers at Carleton University in Ottawa, Canada, are exploring the possibility of a biometric security device that will use a person's thoughts to authenticate her or his identity.

Their idea of utilizing brain-wave signatures as "pass-thoughts" is based on the premise that brain waves are unique to each individual. Even when thinking of the same thing, the brain's measurable electrical impulses vary slightly from person to person. Some researchers believe the difference might just be enough to create a system that allows you to log in with your thoughts.

A pass-thought could be anything from a snatch of song, the memory of your last birthday or even the image of your favorite painting. A more achievable alternative might present you with predetermined pictures, music or video clips, to which you would think "yes" or "no" while the machine monitors your brain activity.

"It is known there are differences between people's brains and their signals," says Carleton researcher Julie Thorpe, who's working on the project with Anil Somayaji and Adrian Chan. "Can we observe a user-controllable signal encoding hundreds or thousands of bits of information in a repeatable fashion? That's the real question. We think it may be possible."

The system has the potential to become a new kind of biometric security tool that -- in contrast to fingerprint readers, iris scanners or facial recognition -- would allow users to change their pass codes periodically.

But is it really feasible, or is it just another pie-in-the-sky idea?

The research is an outgrowth of efforts to build a brain-computer interface, or BCI, by trying to extract the meaningful parts of brain-wave signals measured by an electroencephalogram, or EEG, and translate them into recognizable computer commands that allow disabled people to control and manipulate prosthetic devices. A chief challenge facing BCI technology is that brain-wave signatures are unique, so a system trained to recognize a particular user can be quite difficult for another to manipulate.

"Brain-wave signatures, represented as the EEG signals of a person ... are different from one individual to another, even when they perform the same thought or task," says professor Touradj Ebrahimi at the Swiss Federal Institute of Technology.

But the very distinctiveness of brain waves that works against researchers in developing universal tools is an asset when building an authentication system. A security device wouldn't need to interpret or understand the thought, but simply extract the repeatable features of the pattern and recognize a match. "A brain-based biometric can be as strong as DNA-based biometric," says Ebrahimi.

However, some researchers are skeptical that a computer will ever be able to passively recognize a particular mental image in a person's head.

Iead Rezek, of the Pattern Analysis Research Group at the University of Oxford, says the proposal has "flair," but is impractical: Too many things are going on in the brain at the cellular level that all look the same from a scalp distance. "Signals from an uncountable number of nerve cells are smeared and lumped together by the time we are recording the brain-wave patterns," says Rezek. "Authentication is akin to recognizing speakers from muffled voices because, for example, the speakers are some distance away."